Search Over 30,000 FREE Plugins from the Official WordPress Plugin Directory Repository

BulletProof Security

WordPress Website Security Protection: Effective...Reliable...Easy to use

BulletProof Security Feature Highlights

  • .htaccess Website Security Protection (Firewalls)
  • Login Security & Monitoring
  • DB Backup
  • DB Backup Logging
  • DB Table Prefix Changer
  • Security Logging
  • HTTP Error Logging
  • FrontEnd/BackEnd Maintenance Mode
  • UI Theme Skin Changer

BulletProof Security Pro Feature Highlights

  • 1 Click Setup Wizard
  • AutoRestore Intrusion Detection & Prevention System (IDPS)
  • Quarantine Intrusion Detection & Prevention System (IDPS)
  • Real-time File Monitor (IDPS)
  • DB Monitor Intrusion Detection System (IDS)
  • DB Diff Tool - data comparison tool
  • DB Backup
  • DB Status & Info - extensive database status & info
  • Plugin Firewall (True IP Based Firewall)
  • JTC Anti-Spam / Anti-Hacker
  • Uploads Folder Anti-Exploit Guard (UAEG)
  • .htaccess Website Security Protection (Firewalls)
  • Custom php.ini Website Security
  • Login Security & Monitoring w/Dashboard Alerting / Status Display & additional options/features
  • F-Lock - Read Only File Locking
  • FrontEnd/BackEnd Maintenance Mode
  • Security Logging
  • HTTP Error Logging
  • PHP Error Logging
  • DB Monitor Logging
  • DB Backup Logging
  • DB Table Prefix Changer
  • AutoRestore/Quarantine Logging
  • S-Monitor - Monitoring & Alerting Core
  • Versatile Set of 16 Pro-Tools (16 mini-plugins)
  • Heads Up Dashboard Status Display
  • UI Theme Skin Changer
  • View All BulletProof Security Pro Feature Details

BulletProof Security One-Click Method vs Multiple Separate Option Settings

BulletProof Security uses a one-click setup method vs breaking up options and settings into multiple separate different options and settings. One-click is used figuratively and not literally. One-click is the concept where several tasks are performed with one-click of a button. BPS BulletProof Modes setup actually takes 4 clicks, but with those 4 clicks BPS BulletProof Modes are setup and the website has maximum security enabled with all BPS security features and code enabled instead of having to choose multiple separate options and settings. Customization, whitelisting, adding BPS Bonus Custom Code or adding other personal custom .htaccess code is done with the BPS Custom Code feature.

htaccess Core Website Security (Security/Firewalls)

WordPress Website Security Protection: BulletProof Security protects your website against 100,000's of different hacking attempts/attacks. The .htaccess security filters in BulletProof Security are designed to match malicious and nuisance attack patterns. The most important benefits of using a finite pattern matching method vs infinite banning/blocking individual IP's, Host's, Referer's, etc. is that your website performance and Server resources are not negatively impacted. In general, BulletProof Security takes an "Action Approach" to website security. Hacker X, Spammer X, Bad Bot X does bad Action Y = Forbidden/Blocked. An "Action Approach" is a much more effective and performance optimized approach to website security since the bad action itself is being blocked/forbidden instead of attempting to block an individual hacker/spammer that performed a bad action. Example: BulletProof Security blocks all SQL Injection hacking attempts/attacks no matter who performed that SQL Injection hacking attempt/attack.

Login Security & Monitoring Website Security (Security/Monitoring)

Login Security & Login Monitoring: Log All User Account Logins or Log Only User Account Lockouts (see Screenshot). Brute Force Login Security Protection. Email alerting options allow you to choose 5 different email alerting options: Choose to have email alerts sent when a User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out or Do Not Send Email Alerts. Choose Standard WP Error Messages or Generic Error Messages for Login Security Stealth Mode. Choose to Enable or Disable Login Password Reset capability for Login Security Stealth Mode. See BulletProof Security Login Security & Monitoring Features for additional features and options.

DB Backup: Database Backup Website Security (Security/Backup)

DB Backup: Create manual and scheduled Backup Jobs. Selective database table backup and full database backup. Scheduled backup job options: Hourly, Daily, Weekly and Monthly. Send scheduled backup zip file via email or just send email only, automatically delete old backup files after a certain period of time, etc., etc., etc. All DB Backup options/settings and default setup is done automatically during upgrades and new installations.

BulletProof Security is Website Performance Optimized (Performance/Optimization)

Website performance is just as important as website security. BulletProof Security is website performance optimized with website owners best interests at heart. BulletProof Security does NOT abuse the WordPress Database by making excessive MySQL Queries. BulletProof Security does NOT store excessive & non-essential data in your WordPress Database. BulletProof Security does NOT use excessive Server Memory & Resources. BulletProof Security does NOT use any gimmicks or bells & whistles that will cost website owners their website performance. The benefits of having website security protection are negated if your website is performing poorly/slowly, continually experiencing out of memory errors/running out of memory, database size growing exponentially with non-essential stored data, etc. BulletProof Security can actually speed up & improve your website performance by using the Speed Boost Cache Bonus Code. See the BulletProof Security Bonus Custom Code help section below.

FrontEnd/BackEnd Maintenance Mode (Security/Development)

Display a website under maintenance page with Countdown Timer to website visitors while the website displays and functions normally for you. When the Countdown Timer has completed (reached 0) an email reminder is sent to you to remind you that the Countdown Timer has completed. The new BPS Maintenance Mode design includes 20 background images, 15 center images (text box image), allows you to embed image files and YouTube videos, FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes and most importantly is fast and simple to use so that you can switch in and out of Maintenance mode quickly and easily. FrontEnd Maintenance mode is primarily designed for development/maintenance purposes and BackEnd Maintenance Mode is technically a security feature since enabling BackEnd Maintenance Mode allows you to deny access to the /wp-admin folder/WP Dashboard by IP address. See BulletProof Security FrontEnd/BackEnd Maintenance Mode Features for additional features and options.

Why .htaccess Website Security So Much Better Than Other Types of Website Security

The answer is very simple - .htaccess files (distributed Server configuration files) are processed first before any other code on your website. In other words, hackers malicious scripts are stopped by BulletProof Security .htaccess files/Firewalls before those scripts even have a chance to reach the php code in WordPress. BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. Please read the FAQ page for Server compatibility questions.

BulletProof Security Additional Website Security Protection

WordPress is already very secure, but every website, no matter what type of platform it is built on should have additional website security measures in place as a standard. BulletProof Security provides that additional website security protection that every website should have.

Translations

  • Lithuanian by Vincent G from Host1Free.com
  • Filipino/Tagalog by pointen.dk
  • Russian by EyeFinity
  • If you would like to translate the BPS plugin to your language see this BPS Plugin Language Translation Tutorial. Please include a link to your website so that we can add it here. Thank you.
  • Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to... To translate plugin text into your Language.

BulletProof Security Bonus Custom Code

BulletProof Security htaccess Core (Firewalls, etc.) Features

  • Root Folder BulletProof Mode/Firewall
  • wp-admin Folder BulletProof Mode/Firewall
  • Built-in .htaccess File Editor & File Manager
  • Built-in .htaccess Backup and Restore
  • One-click .htaccess website security protection from within the WP Dashboard
  • .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection.......... hacking attempts
  • TimThumb Vulnerability/Exploit .htaccess security protection (Firewall)
  • .htaccess Lock / Unlock (404 Read-Only)
  • .htaccess AutoLock On or Off
  • Security / HTTP Error Logging - Log 400, 403 and 404 Errors
  • Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
  • Security Log: Turn On / Turn Off / Delete Log
  • Security Log Automation: Automatically zipped, emailed and replaced based on file size
  • Automatic .htaccess file updating on BPS upgrade installation
  • New .htaccess security filters automatically added during upgrade
  • WP Dashboard Alerts / WP Dashboard Dismiss Notices
  • Anti Comment Spam .htaccess code - works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
  • Anti Comment Spambot .htaccess code - Forbid Empty Referrer Spambots
  • Author ID / User ID / Username Bot Probe Protection
  • Custom Code feature: Add, Edit, Modify, Save additional Bonus or personal custom .htaccess code
  • WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
  • wp-config.php and bb-config.php files protected with .htaccess security protection
  • php.ini and php5.ini files protected with .htaccess security protection
  • WordPress database errors turned off - Verification and function insurance
  • WordPress version is not displayed / not shown - WordPress version is removed
  • WP Generator Meta Tag filtered - not displayed / not shown
  • WP DB default admin username / account check
  • System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, WP Filesystem API Method, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache, Memcached...
  • Security Status Page - Displays website security status information
  • File and Folder Permission Checking - CGI / DSO - SAPI check / display
  • Help & FAQ page - links to BPS Guide and other detailed Help & Info pages
  • Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
  • Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
  • Log in / out of your website while in Maintenance Mode
  • Customizable 503 Website Under Maintenance page
  • HUD Success / Error message display
  • i18n Language Translation coding

BulletProof Security Login Security & Monitoring Features

  • Brute Force Login Security Protection
  • Log All User Account Logins or Log Only User Account Lockouts
  • Logged DB Fields: User ID, Username, Display Name, Email, Role, Login Time, Lockout Expires, IP Address, Hostname, Request URI
  • Email Alerting Options: User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out, Do Not Send Email Alerts
  • Login Security Additional Options: Max Login Attempts, Automatic Lockout Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
  • Login Security Stealth Mode: Standard WP Error Messages or Generic Error Messages.
  • Login Security Stealth Mode: Enable or Disable Login Password Reset capability and links.
  • Dynamic DB Form: Lock, Unlock, Delete
  • Enhanced Search: Allows you to search all of the Login Security database rows/Fields
  • Click the Login Security Read Me help button for full descriptions of all features and options.

BulletProof Security DB Backup/Database Backup Features

  • Manual or scheduled database backups
  • Scheduled backup job options: Hourly, Daily, Weekly and Monthly
  • Send scheduled backup zip file via email or just send email only
  • Selective database table backup and full database backup
  • Automatically deletion of old backup files after a certain period of time
  • Backup Jobs - Manual/Scheduled Accordion Tab
  • Displays the Description/Job Name, Delete and Run Checkboxes, Job Type, Frequency, Last Backup, Next Backup, Email Backup and Job Created table columns.
  • Backup Files - Download/Delete Accordion Tab
  • Displays the Backup Filename, Delete Checkbox, Download Links, Backup Folder, Size and Date/Time table columns.
  • Create Backup Jobs Accordion Tab
  • Displays a dynamic DB Table Name checkbox form, Description/Backup Job Name, DB Backup Folder Location (default Obfuscated & Secure BPS Backup Folder location), DB Backup File Download Link/URL, Backup Job Type: Manual or Scheduled, Frequency of Scheduled Backup Job (recurring - Hourly, Daily, Weekly or Monthly), Hour When Scheduled Backup is Run (recurring - start time for a scheduled backup job), Day of Week When Scheduled Backup is Run (recurring - weekday day), Day of Month When Scheduled Backup is Run (recurring - day of the month), Send Scheduled Backup Zip File Via Email or Just Email Only - email zip backup file, do not email backup zip file, email and delete zip backup file or just send an email, Automatically Delete Old Backup Files (Never delete old backup files, delete backup files older than 1 day, 5 days, 10 days, 15 days, 30 days, 60 days, 90 days or 180 days), - Turn On/Off All Scheduled Backups (override - turn on all scheduled backups or turn off all scheduled backups).
  • DB Backup Logging
  • Depending on your DB Backup settings, log entries will be logged anytime you run a Manual Backup Job or whenever a Scheduled Cron Backup Job is run. The Backup Job Completion Time, Zip Backup File Name, timestamp and other information is logged. If you have chosen the option to automatically delete old zip backup files then the zip backup file name and timestamp will be logged when old zip backup files are automatically deleted. When you create a new Backup Job your Backup Job Settings are logged/saved in the DB Backup Log.
  • DB Backup Log Automation: Automatically zipped, emailed and replaced based on file size
  • Click the DB Backup Read Me help button for full descriptions of all features and options.

BulletProof Security FrontEnd/BackEnd Maintenance Mode Features

  • FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes
  • Website displays & functions normally while visitors see a website under maintenance page
  • TinyMCE WYSIWYG Editor
  • Embed image files and YouTube videos
  • 20 background images, 15 center images (text box image)
  • Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image)
  • Enable Countdown Timer
  • Countdown Timer Text Color
  • Maintenance Mode Time in Minutes
  • Header Retry-After in Minutes ~ 503 HTTP Status Code
  • Enable FrontEnd Maintenance Mode ~ site development, maintenance, coming soon, under construction, etc.
  • Enable BackEnd Maintenance Mode ~ Deny All IP address .htaccess protection for the wp-admin folder / WP Dashboard
  • Maintenance Mode IP Address Whitelist Text Box: Enter The IP Addresses That Can View The Website Normally (not in Maintenance Mode)
  • Maintenance Mode Text, Images, Videos Displayed To Website Visitors
  • Background Images ~ 20 background images ~ mix and match with center images ~ see screenshot
  • Center Images ~ 15 center images ~ mix and match with background images ~ see screenshot
  • Background Colors (If not using a Background Image)
  • Display Visitor IP Address
  • Display Admin/Login Link
  • Display Dashboard Reminder Message when site is in Maintenance Mode
  • Send Email Reminder when Maintenance Mode Countdown Timer has completed
  • Email: To, From, cc, bcc
  • Network/Multisite Primary Site Options ONLY
  • Put The Primary Site And All Subsites In Maintenance Mode
  • Put All Subsites In Maintenance Mode, But Not The Primary Site
  • Click the Maintenance Mode Read Me help button for full descriptions of all features and options.
Author AITpro | Edward Alexander
Profile
Contributors AITpro
Tags 400, 403, 404, 503, antivirus, attack, authenticate, authentication, author, author id, back up, backups, ban, banned, base64, block, blocked, bot, brute force, bruteforce, bulletproof, chmod, code, coming soon, crack, cracking, CRLF, CSRF, database backup, database table prefix, db backup, DB table backup, DB table prefix, DDoS, developer, development, directory traversal, DoS, dump, encode, enumeration, error log, exploit, exploitation, file inclusion, firewall, hack, hackers, htaccess, HTTP log, infect, infected, infection, injection, lfi, lock, log, logging, login, login alerts, login security, maintenance, maintenance mode, malicious, multisite, mysql, mysql backup, offline, Optimization, optimize, path traversal, performance, permissions, Pingback, plugin, prevent, prevention, privacy, private, protection, rfi, safe, safety, schedule backup, script, secure, security, security log, spam, spammers, speed boost, speed increase, SQL Injection, trackback, unavailable, under construction, user-id, username, users, virus, vulnerability, vulnerable, website backup, website security, wordpress backup, wordpress security, xml rpc, xmlrpc, xss
  1. bulletproof-security screenshot 1

    BulletProof Security - Security Modes page

  2. bulletproof-security screenshot 2

    BulletProof Security - Security Log page

  3. bulletproof-security screenshot 3

    BulletProof Security - System Info page

  4. bulletproof-security screenshot 4

    BulletProof Security - htaccess File Editor page

  5. bulletproof-security screenshot 5

    BulletProof Security - Login Security and Monitoring page

  6. bulletproof-security screenshot 6

    BulletProof Security - DB Backup page

  7. bulletproof-security screenshot 7

    BulletProof Security - Maintenance Mode page

  8. bulletproof-security screenshot 8

    BulletProof Security - Maintenance Mode template images

  1. Install, activate plugin, click AutoMagic buttons, Activate BulletProof Modes, choose Login Security options and turn On Login Security.
  2. Download Installation:
  3. Download the bulletproof-security.zip file to your computer and unzip it.
  4. Upload the bulletproof-security folder (including all files within) to your /wp-content/plugins folder.
  5. Activate plugin, click AutoMagic buttons, Activate BulletProof Modes, choose Login Security options and turn On Login Security.
  6. Enjoy!

.51.1

  • Obsolete File Deletion:
  • Special thanks to Pietro Oliva for finding and reporting Form code sanitization issues in the stand-alone bpsunlock.php file/Form code. The bpsunlock.php stand-alone Login Security user account unlock file/Form has been removed/deleted from BPS. After review of the usefulness of this Form it was decided that instead of spending the time to sanitize the Form code the bpsunlock.php file/Form has instead been removed/deleted from BPS.

.51

  • BugFix/Code Correction:
  • System Info page HTTP_HOST variable fallback for SERVER_ADDR IP address retrieval code correction. Missing gethostbyname function has been added to the HTTP_HOST variable IP address fallback and is now returning an IP address correctly.
  • Code Correction/Sanitization:
  • System Info page Check Headers Tool Form code sanitization. Special thanks to Benjamin Kunz Mejri for finding and reporting this Form code sanitization issue that needed to be corrected.

.50.9

  • System Info Enhancements/Improvements/Additions:
  • DNS Name Server checking code performance improvement and conditional checking added based on domain labels. Network/Multisite subdirectory / subdomain site type check added and changes to existing conditional checks. output_buffering directive variable check changed and text correction. Additional conditional checks for PHP Actual Configuration Memory Limit. Will display color coded recommendations and/or memory limits. Various naming/text changes.
  • htaccess Core Structural Core Changes:
  • Reduction in size of large Options Core file by creating additional conditional supporting files with require. Deny All htaccess file is created in the new /core/ folder on init to protect the options.php core file. Other internal Core stuff.
  • Security Log Design/Visual/Enhancement Changes:
  • Auto-Locking added to Security Log Turn On/Off Forms. The root .htaccess file is automatically locked again if it was locked. Cross Browser compatibility visual display issues/problems with Email Alerts and Log files Form. Forms are now using tables instead of individual CSS properties.
  • Login Security Visual/Design Change:
  • Cross Browser compatibility visual display issues/problems with Option/Settings & Email Alerts and Log files Form. Forms are now using tables instead of individual CSS properties.
  • DB Backup Log Visual/Design Change:
  • Cross Browser compatibility visual display issues/problems with Email Alerts and Log files Form. Forms are now using tables instead of individual CSS properties.
  • Custom Code Network/Multisite Additional Text Box:
  • CUSTOM CODE WP REWRITE LOOP END: Add WP Rewrite Loop End code here. This is a Special Network/Multisite Custom Code text box that should ONLY be used if the correct WP REWRITE LOOP END code is not being created in your root .htaccess file by AutoMagic. This Custom Code text box and Read Me help text is ONLY displayed if you have a Network/Multisite website.
  • BugFixes/Code Corrections/Misc/CSS/Visual/Other:
  • Backend Maintenance Mode causing crashes due to newline not being generated in some cases. Additional newline added to wp-admin backend MMode htaccess writing code base
  • Removal/Deletion of obsolete usage of bps_DNS_NS() function.

.50.8

  • Quickie BugFix Release - released 1 hour after release of .50.7:
  • Network/Multisite BPS plugin Network Activation correction:
  • Conditional wrap added for blog_id 1

.50.7

  • htaccess Core Security Modes AutoMagic Buttons:
  • BPS automatically detects your site type and displays the correct AutoMagic buttons for your site type. Other site type AutoMagic buttons are no longer displayed on the Security Modes page.
  • Network/Multisite One Time Code Correction:
  • If you have a Network/Multisite website/installation of WordPress you will see a one time htaccess code correction Notice message displayed to you with steps to perform the one time code correction when you upgrade BPS.
  • Go Daddy Managed WordPress Hosting:
  • If you have Go Daddy Managed WordPress Hosting see the BPS Whats New tab page within the BPS plugin.
  • BugFixes/Code Corrections/Misc/CSS/Visual/Other:
  • Maintenance Mode countdown timer email website link correction for subdirectory websites.
  • Maintenance Mode CSS visual improvements/changes/corrections.
  • WordPress 4.0 RC1 final testing completed - no issues or problems.
  • Delete old BPS bulletproof-security_info transient content on upgrade.
  • Enjoy!

.50.6

  • New Option: Login Security & Monitoring Sort DB Rows:
  • The Ascending Show Oldest Login First option displays logins from the oldest logins to your site to the newest logins to your site. The Descending Show Newest Login First option displays logins from the newest logins to your site to the oldest logins to your site. Example usage: Enter 50 for the Max DB Rows To Show option, which will show a maximum of 50 database rows/logins to your site and set Sort DB Rows option to Descending Show Newest Login First. You will see the last 50 most current/newest logins to your site in descending order.
  • Enhancements: Login Security & Monitoring:
  • CSS max-height changed from 1000px to 600px for the scrollable Dynamic DB table. 600px is a much better / more manageable viewing area.
  • Lock, Unlock and Delete labels for individual checkboxes in Dynamic DB search form and standard form.
  • DB Query improvement for the Dynamic DB standard form.
  • New Option: htaccess Core wp-admin BulletProof Mode Enable/Disable wp-admin BulletProof Mode:
  • This option is ONLY for Hosts that do not allow .htaccess files in the wp-admin folder. Go Daddy Managed WordPress Hosting (not standard Go Daddy Hosting) is the only known hosting account type where this option should be set to: Disable wp-admin BulletProof Mode. For everyone else you do not need to use this option. The default setting is already set to: Enable wp-admin BulletProof Mode.
  • Improvement: htaccess Core root domain label retrieval/writing:
  • Improvement to htaccess Core code when retrieving & writing domain labels. Impact: Folks with 3+ domain label naming conventions such as: http://www.label1.label2.label3.
  • Enjoy!

.50.5

  • Login Security Password Reset BugFix & New Option:
  • BugFix: The Lost your password link was not being displayed when Login Security was turned Off.
  • New Option: Turn Off Login Security/Use Password Reset Option ONLY.
  • Enjoy!

.50.4

  • BugFixes/Code Corrections/Misc/CSS/Visual/Other:
  • DB Backup: backticks added to DB Backup Query to allow for hyphenated or other special characters in DB naming conventions.
  • DB Backup dynamic DB table: max-height CSS change
  • Login Security CSS auto-scroll: max-height CSS change
  • DB Table Prefix Changer: Additional check for writable files for DSO server types.
  • Root and wp-admin filter change
  • Log timestamps synchronized to GMT: All log timestamps are now synchronized to GMT time.
  • Enjoy!

.50.3

  • Correction/BugFix/Improvement: root and wp-admin .htaccess filters/rules change/correction/improvement. See the BPS Whats New tab page for more details.
  • Thanks goes to aselektor for spotting and reporting this.
  • Enjoy!

.50.2

  • New Feature: DB Backup. Manual or scheduled (Hourly, Daily, Weekly and Monthly) database backups. Send DB Backups via email etc.
  • New Feature: DB Backup Log. The Backup Job Completion Time, Zip Backup File Name, timestamp. etc. is logged. Backup Job Settings are logged.
  • New Feature: DB Table Prefix Changer.
  • New Feature: UI Theme Skin. 3 UI Theme Skins: Blue Gel Classic UI Theme, Light Grey jQuery UI Theme, Dark Black WP UI Theme.
  • Root .htaccess Security Filters Change: See the BPS Whats New tab page for more details.
  • Login Security New Option/Option Change & Misc: Disable Password Reset Frontend Only, Disable Password Reset Frontend & Backend.
  • System Info page: added MySQL Extension, MySQLi Extension check.
  • Login Security email message text change when user account is locked.
  • Whitelist the Debug Bar plugin debug-bar css and js scripts.
  • Enjoy!

.50.1

  • Security Logging major changes/improvements to logging template files/code & start of Phase 1 Security Log Solution Targeting: The Security Logging code has been significantly improved in BPS .50.1. Logging is more streamlined, performance optimized & faster than in previous BPS versions, even with the new general conditional pattern checking code added.
  • As of BPS .50.1 two new Security Log Fields have been added to Security Logging: Event Code and Solution. In Phase 1 of Security Log Solution Targeting the primary focus is on detecting possible Plugin Skip/Bypass rules & wp-admin Skip/Bypass Rules issues that need/require a one-time solution. Since 99.99% of the Security Log entries are blocked/forbidden hackers, spammers, scrapers, harvesters, miners, bad bots, etc. then the Security Log checking conditions can and should be streamlined/performance optimized by only looking at pattern matches in a broad scope.
  • Maintenance Mode Accordion: Maintenance Mode Accordion created for better functionality/usability. Code correction: Maintenance Mode website name not displayed in the reminder email. Code correction: Maintenance Mode Apostrophes/single quote code character displayed with an escape backslash.
  • New Bonus Custom Code/Dismiss Notice: WordPress XML-RPC DDoS Protection: Special Thanks goes to Gary Gordon for reporting the recent WordPress XML-RPC exploits/attacks. The XML-RPC DDoS PROTECTION Bonus Custom Code .htaccess code completely turns off/disables IXR-RPC Client/Server capabilities on a website by protecting the WordPress xmlrpc.php file from being publicly accessible, which prevents the IXR XML-RPC Client/Server connection. Using this Bonus Custom Code will turn off/disable remote posting capability from Weblog Clients (A Weblog Client is software you run on your local machine (desktop) that lets you post to your blog via XML-RPC), unless you add (whitelist) your IP address in the XML-RPC DDoS PROTECTION Bonus Code.
  • New Dismiss Notice Added: WordPress Firewall 2 plugin check The WordPress Firewall 2 plugin contains a coding mistake and has not been updated in over 3 years. The wp-admin area is supposed to be whitelisted by default, but that code is not working correctly, which breaks several things in the BPS plugin. The Dismiss Notice will alert users to this existing problem.
  • New/Updated Help & FAQ Help Links: Help & FAQ tab pages have updated links, old/outdated links removed, etc.
  • Enjoy!

.50

  • Bugfix/Code Correction: Maintenance Mode str_replace has been changed to dirname for GWIOD site types to get the site root index.php file path
  • Special Thanks go to Eddy Estevez for reporting this bug.
  • Enjoy!

.49.9

  • New Feature: Maintenance Mode - FrontEnd/BackEnd Maintenance Mode Maintenance Mode Guide The previous Maintenance Mode feature in BPS has been completely removed/replaced with the new Maintenance Mode feature in BPS .49.9. This is a completely new BPS feature. The new BPS Maintenance Mode design includes 20 background images, 15 center images (text box image), allows you to embed image files and YouTube videos, FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes and most importantly is fast and simple to use so that you can switch in and out of Maintenance mode quickly and easily. Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image).
  • New Headers check tool added to the System Info page: Check your website Headers or another website's Headers by making a GET Request. Both GET and HEAD Headers checking is now available on the System Info page.
  • New System Info checks: Standard/GWIOD Site Type, BuddyPress and bbPress. If GWIOD site type display WordPress Address (URL) and Site Address (URL).
  • BPS Plugin/Theme Script Dequeue function added: Dequeue any/all other plugin or theme scripts that attempt to load in BPS plugin pages: A new BPS function has been added that Dequeues any/all other plugin or theme scripts on/in BPS plugin pages ONLY, which causes a wide variety of problems for BPS , such as broken plugin functionality, broken menus and pages not displaying visually correct. This new BPS Dequeue function only runs on/in BPS plugin pages and does not run anywhere else or affect anything else on a website. The BPS Dequeue function is only designed to prevent any other plugins or themes from loading their scripts in BPS plugin pages and does not do or affect anything else on a website.
  • Security Log Code Correction/Enhancement: Security Log User Agent/Bot filter auto-updated during BPS upgrade: The BPS 403.php Security Log template file is replaced during BPS plugin updates/upgrades, which is normal WordPress plugin update/upgrade procedure. The BPS 403.php Security Logging template is now auto-updated during BPS plugin upgrades/updates and automatically adds any previously added/saved User Agent/Bot filters to the new 403.php template file if any User Agents/Bots to Ignore/Not Log were previously added/saved.
  • W3TC and WPSC Error checking/messages modified to reflect current version error checking: Several things have changed in BPS .49.9 relating to W3TC and WPSC and related error messages.
  • DB Table datatype Issue/problem affects SQL Server (not MySQL) only: CREATE TABLE Query id column datatype has been changed from mediumint(9) to bigint(20).
  • Backup & Restore page/other misc pages: Master File backups and checks are obsolete and have been removed from BPS .49.9.
  • htaccess Core Security Modes page: Descriptive titles added to Radio buttons for BulletProof Modes: Root Folder BulletProof Mode, wp-admin Folder BulletProof Mode, Master htaccess BulletProof Mode and BPS Backup BulletProof Mode.
  • Feature Request by Daedalon: Unused po & mo Language files automatically deleted: Unused po & mo Language files are automatically deleted on page access for these BPS pages: htaccess Core, Login Security, Security Log and Maintenance Mode.
  • Enjoy!

.49.8

  • Custom Code Code Correction: ENT_QUOTES flag added to Custom Code AutoMagic variables to convert Single Quote HTML entities stored in the DB back to characters during AutoMagic File writing.
  • Enjoy!

.49.7

  • Network / Multisite Plugin Network Activation or Single subsite Plugin Activation: As of BulletProof Security .49.7, the BPS plugin can be Network Activated or you can allow the BPS plugin to be activated individually on each Network / Multisite subsite or of course you can choose not to Network Activate BPS or allow the BPS plugin on subsites.
  • New AutoMagic WP 3.5+ Network / Multisite .htaccess code: BPS AutoMagic buttons automatically write the correct Network / Multisite root .htaccess code for your site based on your WordPress version.
  • Network / Multisite New Feature Notice: BPS can now be Network Activated on Multisite: This Network / Multisite New Feature Dismiss Notice displays on Network / Multisite only to alert Network / Multisite site owners about the new Network Activation capability in BPS.
  • CSS Visual Style Changes for WP 3.8+ MP6 & Pre 3.8 WP Versions: WordPress 3.8 is using the new MP6 GUI. A BPS 3.8 CSS stylesheet has been created to visually display things correctly in WordPress 3.8. BPS will automatically load the correct CSS stylesheet for your WordPress version. CSS visual enhancements were also created for pre WordPress 3.8 versions.
  • See the BPS Whats New page for more details
  • Enjoy!

.49.6

  • Bonus Code Dismiss Notice Added: Author ID / User ID / Username BOT Probe Protection Code: Protects against hacker Bot Probes looking for WordPress author enumeration (a numbered list of Author ID's / User ID's) to exploit. Generates a standard WordPress 404 Error instead of displaying Author ID's / User ID's / Usernames.
  • Root .htaccess File code modifications/changes:
OLD: RedirectMatch 403 /\..*$
NEW: RedirectMatch 403 \.(htaccess|htpasswd|errordocs|logs)$

BPS Query String Exploits Code Changes
OLD: RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
NEW: RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]

OLD: RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
NEW: RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]

OLD: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
NEW: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]

OLD: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
NEW: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
  • See the BPS Whats New page for more details
  • Enjoy!

.49.5

  • Reverting: Brute Force Login Protection code is now optional/Bonus Code again
  • BPS will not automatically add this code as standard code in the root .htaccess file
  • The Brute Force Login Protection Custom Code text box will remain for folks who can use this code on their websites.
  • See the BPS Whats New page for more details
  • Enjoy!

.49.4

  • Code Mod to Brute Force Login Protection code to allow for the widest possible range of compatibility
  • This affected a small number of folks
  • MOD: RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR] to RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
  • Enjoy!

.49.3

  • New Feature - Security Log zip, email and delete/replace option: Security Log files are automatically zipped, emailed and replaced with a new blank security log file when they reach the maximum file size setting on the Security Log page. During the BPS upgrade this is automatically set to zip and email log files when they reach 500KB in size.
  • Structural/Menu Changes: The Security Log & System Info tab pages have been moved out of htaccess Core and now have their own separate pages/menu links.
  • New standard root .htaccess code added: Server Protocol HTTP/1.0 and blank User Agent htaccess BRUTE FORCE LOGIN PAGE PROTECTION code is now standard .htaccess code in the BPS root .htaccess file.
  • New BPS Custom Code Text box added: A new Custom Code Text box has been added: CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION.
  • Check Headers Tool added to the System Info page: This tool Allows you to check your website Headers or another website's Headers remotely.
  • New System Info page check - Public IP/X-Forwarded-For check: If you are using CloudFlare on your website then you will see Proxy X-Forwarded-For IP Address: instead of Public ISP IP / Your Computer IP Address: displayed to you. This additional check is for troubleshooting issues with CloudFlare, CDN, Proxy or VPN.
  • PHP mysqli_get_client_info function additional check Additional function checking code has been added in cases where the mysqli_get_client_info function is not available on a Host Server.
  • Enjoy!

.49.2

  • Dismiss Notice text corrections: S-Monitor page text changed to Security Status page
  • W3TC & WPSC Alerts text corrections: Edit/Upload/Download page text changed to htaccess File Editor page
  • Several BPS functions renamed for uniqueness/no-conflict assurance
  • PHP 5.5.x Deprecated function replacement file options.php: mysql_get_client_info replaced with mysqli_get_client_info
  • PHP 5.5.x Deprecated function replacements file bpsunlock.php: New code using MySQLi instead of MySQL
  • Enjoy!

.49.1

  • Backup folder path correction on Backup & Restore page
  • WP Filesystem API Method will display the WordPress Filesystem Method in use. For DSO Server troubleshooting additional fields will be displayed if the Script Owner and File Owner ID's do not match.
  • Custom Code help text changes
  • Custom Code additional error checking
  • htaccess auto-writing additions
  • Additional root htaccess file placeholders/markers added
  • New Dashboard Dismiss Notices: Sucuri 1-click Hardening, Broken Link Checker, phpini handler, Speed Boost Custom Code, Custom Permalinks check
  • Dashboard Alerts are now only displayed to Administrators. Editors, Authors, etc will no longer see Alerts
  • The htaccess Core Edit/Upload/Download tab page has been renamed to htaccess File Editor.
  • The File Upload & Download features have been removed from the new htaccess File Editor page since these features/options are obsolete.
  • Visual Enhancements: AutoMagic font size increased, etc.
  • Enjoy!

How does the BulletProof Security Plugin htaccess Core (Firewalls) work?

The BulletProof Security Plugin allows you to create and activate .htaccess website security with one-click (figuratively) for your website without having to know anything about .htaccess files. The Master .htaccess files are pre-made and BPS writes .htaccess code that is customized to each specific website. There is nothing to figure out or to configure. Click the AutoMagic buttons (creates customized Master .htaccess files) and Activate BulletProof Modes (copies the customized Master .htaccess files to your root and wp-admin folders). BPS has built-in Backup and Restore and an .htaccess File Editor for full manual editing control as well. BPS Custom Code allows you to add additional custom .htaccess code or BPS Bonus Custom Code.

Does BulletProof Security Have Built-in Troubleshooting/Diagnostic/Logging/Whitelisting Capability?

Yes, Troubleshooting/Diagnostic/Logging/Whitelisting is built-in to BulletProof Security. The primary troubleshooting feature in BulletProof Security is the BPS Security Log. The primary whitelisting feature in BulletProof Security is BPS Custom Code. The BPS Security Log logs blocked hackers, spammers, bad bots, etc. and also logs anything else that is blocked by BPS. If something legitimate is being blocked in another plugin or theme that needs to be allowed/whitelisted then the BPS Security Log entry will contain all the information about what exactly is being blocked so that a whitelist rule can then be created in BPS Custom Code. The BPS Security Log also logs all other 403 errors that occur on your website whether or not they are related to or caused by BPS.

How does BulletProof Security Plugin Login Security & Monitoring work?

BulletProof Security Login Security & Monitoring allows you to choose whether you want to Log All User Account Logins or Log Only User Account Lockouts. The Dynamic DB Logging Form has 3 checkbox options: Lock, Unlock or Delete database rows. The Login Security database table is hooked into the WordPress Users database table, but they are 2 completely separate database tables. If you lock a User Account then BPS Pro will enforce that lock on that User Account and the User will not be able to log in. If you unlock a User Account then the User will be able to login. Deleting database rows in the Login Security database table does NOT delete the User Account from the WordPress Users database table. When you delete a User Account it is pretty much the same thing as unlocking a User Account. To delete actual User Accounts you would go to the WordPress Users page and delete that User Account.

How does BulletProof Security FrontEnd/BackEnd Maintenance Mode work?

FrontEnd Maintenance Mode creates template files based on the options you choose and save. When you Turn On Maintenance Mode those template files are copied to the root directory of your website. When you Turn Off Maintenance Mode those template files are deleted from the root directory of your website. Maintenance Mode works by allowing the IP addresses that you enter & save to view the site normally. All other IP addresses will see the Maintenance Mode template page. BackEnd Maintenance Mode writes directly to your wp-admin .htaccess file and adds a deny all block of .htaccess code with the IP addresses the you enter & save when you enable BackEnd Maintenance Mode. When you disable/uncheck BackEnd Maintenance Mode that deny all block of .htaccess code is removed/deleted from your wp-admin .htaccess file. For more extensive help info or CSS Code, Image & Video Embed examples to add in the Maintenance Mode Text, CSS Style Code, Images, Videos Displayed To Website Visitors text area click this Maintenance Mode Guide Forum Topic link: Maintenance Mode Guide.

What do I do if my User Account is locked out?

Use FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder name to /_bulletproof-security and login to your website. After logging into your website, rename the /_bulletproof-security/ plugin folder name back to /bulletproof-security/. Unlock your User Account on the BPS Login Security and Monitoring page.

Do I need to understand .htaccess code in order to use BulletProof Security?

No, customized .htaccess files are created for each specific website by clicking the AutoMagic buttons and activating BulletProof Modes. You do not need to know anything about .htaccess website security files or code in order to use the BulletProof Security plugin. Extensive help information can be found in the Read Me help buttons in BPS. The Help & FAQ tab pages in BulletProof Security contain links to the BulletProof Security Forum. The process of adding Custom Code or adding whitelisting rules is automated - copy, paste & click.

What do I do if I cannot log back into my website due to an htaccess file problem?

If you accidentally activated BulletProof Modes without first clicking the AutoMagic buttons or your web host does not allow you to lock your root .htaccess file. Use FTP or your Web Host Control Panel File Manager and delete the .htaccess files that BPS creates in your website root folder and your wp-admin folder. Deleting the .htaccess files in your website root folder & wp-admin folder will allow you to log back in to your website. Log back into your website. If your web host does not allow locking the root .htaccess file then go to htaccess File Editor tab page and click the Turn Off AutoLock button. Click the AutoMagic buttons and activate BulletProof Modes again.

Will BulletProof Security or .htaccess files or .htaccess code cause my website to run slower?

No, BulletProof Security or .htaccess files or code will not cause a website to run slower. BulletProof Security is website performance optimized and uses very little/low website resources and very little Server memory. BulletProof Security uses a finite amount of security rules/filters/code in all .htaccess files. Note: Both W3 Total Cache and WP Super Cache use .htaccess code to speed up websites.

Can BulletProof Security speed up my website and make it run faster?

Yes, BulletProof security can speed up your website and make it run faster if you use the Speed Boost Cache Bonus Code and add it to BPS Custom Code. See the BulletProof Security Bonus Custom Code section on the BulletProof Security plugin Description page for a link to the Speed Boost Cache Bonus Code.

BPS Alert! Your site does not appear to be protected by BulletProof Security. What does the Alert mean?

When upgrading/updating the BulletProof Security plugin you may see this WP Dashboard Alert. BPS Alert! Your site does not appear to be protected by BulletProof Security. There are 2 very common issues/problems that can cause this. The cPanel HotLink Protection Tool issue or the WordPress flush_rewrite_rules function issue. Click this link Common BPS Issues Note: Any custom htaccess code or modifications that you have made to your htaccess files will not be altered, modified or changed during the auto-update. Activating BulletProof Modes again after upgrading BPS is no longer necessary.

Where can I find BulletProof Security additional troubleshooting steps & support?

Please see the BulletProof Security Forum.

BulletProof Security Server Compatibilty

  • Compatible with Apache CGI configured Servers
  • Compatible with Apache DSO configured Servers (May require CHOWN Ownership change or file/folder permission changes)
  • DSO Help Info
  • Compatible with Nginx frontend Server with Apache backend Server
  • Compatible with LiteSpeed Servers
  • Compatible with Windows IIS Servers - Windows Hosting - See IMPORTANT NOTES below.
  • If your IIS Server has ISAPI_Rewrite installed then you CAN use .htaccess files / BulletProof Modes.
  • IMPORTANT NOTES: If you have an IIS Server you may or may not be able to use .htaccess files and can only use Login Security & Monitoring. If your IIS Server is using the URL Rewrite Module then you can probably use .htaccess files / BulletProof Modes. If you activate BulletProof Modes and your website crashes then FTP to your website and delete the root .htaccess file and the wp-admin .htaccess file. You will not be able to use .htaccess files on your Server/website and can only use Login Security and the other features in BPS.

Additional BulletProof Security Server Compatibilty Info

BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. BPS is compatible with Apache Linux Servers, LiteSpeed Servers, Nginx Servers (if the Nginx Server is the frontend Server and Apache Linux Server is the backend Server). If you do not know what type of Server you have you can check your Server Type and Operating System on the BPS System Info page. You can install BulletProof Security if you have a Windows IIS hosted website to use the additional features in BPS, but may or may not be able to Activate BulletProof Modes depending on what your IIS Server does and does not have installed / configured. Please see this WordPress Codex Permalinks without mod_rewrite for additional information regarding IIS Servers and also the Helicon Tech website for additional information regarding ISAPI_Rewrite.

Does BulletProof Security Work on ALL Nginx Servers / Server Configurations?

If you are using both Apache and Nginx together and Nginx is the frontend webserver and Apache is the backend Server used to process PHP then BulletProof Security will work on this type of combined Server Configuration. If you are only using Nginx then an .htaccess file will not work. Nginx has its own rewrite module - HttpRewriteModule and the mod_rewrite equivalent of an .htaccess file has similar, but different coding and is added to an Nginx Server config file. Note: If you are not familiar with Nginx, then it should be noted that Nginx does not have a PHP module like Apache's mod_php, instead you either need to build PHP with FPM (ie: php-fpm/fastcgi), or you need to pass the request to something that can handle PHP.

Are there any known issues or conflicts with other WordPress Plugins or Themes?

Occasionally issues or conflicts do occur with other plugins, but they are always quickly resolved. BulletProof Security is compatible with all other Plugins and Themes. If BulletProof Security is blocking something legitimate in another plugin or theme a whitelist rule can be created in BPS Custom Code to allow/whitelist whatever was being blocked by BPS. Please check the BulletProof Security Plugin Compatibility page for the steps to search for documented plugin or theme whitelist rules.

Does BulletProof Security Work On All Web Hosts?

BulletProof Security works on all web hosts except for these 3 web hosts: Incompatible Hosts. If you have Go Daddy "Managed WordPress" hosting, which is special type of hosting account and is not a regular/standard Go Daddy hosting account then click this link for more information: Go Daddy Managed WordPress Hosting. BPS works fine on Go Daddy "Managed WordPress" Hosting. BPS has a one click option setting that has been created for Go Daddy "Managed WordPress" Hosting.

I am seeing Security Log entries in my BulletProof Security Log. What do they mean?

Your Security Log will log 400, 403 and 404 (requires copying the BPS 404 logging code to your Theme's 404.php Template) Errors. The Security Log logs all 400 and 403 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening this BPS 404 Template file - /bulletproof-security/404.php and copying the logging code into your Theme's 404 Template file. When you open the BPS Pro 404.php file you will see simple instructions on how to add the 404 logging code to your Theme's 404 Template file. 99.99% of what is logged in the Security Log is blocked hackers, spammers, bad bots, scrapers, miners, etc. The Security Log is also a troubleshooting tool. If BPS is blocking something legitimate in another plugin or theme then exactly what is being blocked in another plugin or theme by BPS will be logged in the Security Log.

HTTP Response Status Codes

  • 400 Bad Request - The request could not be understood by the server due to malformed syntax.
  • 403 Forbidden - The Server understood the request, but is refusing to fulfill it.
  • 404 Not Found - The server has not found anything matching the Request-URI / URL. No indication is given to whether the condition is temporary or permanent.

Is BulletProof Security Network / Multisite Compatible?

Yes, BulletProof Security works on Network / Multisite websites. Both subdirectory and subdomain .htaccess code is written / created for your specific Network / Multisite site based on your WordPress installation version (pre 3.5 or 3.5+). The BulletProof Security plugin can be Network Activated or you can allow BulletProof Security to be activated individually on each Network / Multisite subsite or of course you can choose not to Network Activate BulletProof Security or allow the BPS plugin on subsites. Super Admins will see BPS Dashboard Alerts and other Status displays on the Primary Site only. Administrators can activate or deactivate BulletProof Security on subsites if you allow this on your Network / Multisite website. The BPS Primary Site Menus will display all BPS menus. The BPS Subsite Menus will display: Login Security, Maintenance Mode, System Info & UI Theme Skin menus. All BulletProof Security features are not available on subsites since Network/Multisite subsites are virtual and do not have physical website folders. All BulletProof Security features work sitewide and affect all other virtual subsites. Login Security and Maintenance Mode work independently on each subsite.

  • Login Security works individually for each specific subsite. Login Security has all the same functionality on Network/Multisite subsites with these exceptions: Login Security email alerting is not available for subsites.
  • Maintenance Mode works individually for each specific subsite. MMode has all the same functionality on Network/Multisite subsites with these exceptions: BackEnd Maintenance is not available on subsites & these Primary site options are not available on subsites: Put The Primary Site And All Subsites In Maintenance Mode & Put All Subsites In Maintenance Mode, But Not The Primary Site. MMode is currently not available for Network/Multisite subdomain sites. Pending future development.
  • System Info has all the same functionality on Network/Multisite subsites with these exceptions: MySQL Database information is not displayed on subsites.
  • BulletProof Security also works with Network / Multisite Domain Mapping.

Is BulletProof Security BuddyPress/bbPress Compatible?

Yes, BulletProof Security works with all BuddyPress/bbPress site types.

Is BulletProof Security Compatible with subdomain websites and subdirectory websites?

Yes, BulletProof Security works on all types of WordPress installations including "Giving WordPress Its Own Directory" websites. Note: Maintenance Mode is currently not available for Network/Multisite subdomain sites. Pending future development.

Can I add my own .htaccess code to the BulletProof Security .htaccess files?

Yes, add any additional security code to BulletProof Security Custom Code. Your custom .htaccess code will be saved permanently or until you delete it. Please view the Read Me Help button in Custom Code for specific details.

Does BulletProof Security automatically create or write .htaccess files?

Yes, BulletProof Security automatically creates customized .htaccess website security files for your specific website with AutoMagic and BPS Custom Code. BulletProof Security also offers full manual control of editing .htaccess files using the built-in .htaccess File Editor. The BPS Master .htaccess files are pre-made. When you click the AutoMagic buttons your .htaccess Master files are created with specific code for your specific website. You can add additional code to BPS Custom Code or edit the .htaccess files directly or create completely new .htaccess master files from within the WordPress Dashboard using the built-in BPS File Editor or Custom Code - no FTP required - no Web Host Control Panel required. Automation is great, but having both AutoMagic, Custom Code and full manual editing control makes BulletProof Security very versatile.

Security Log File Automation - Automatically Zipped, Emailed and Replaced

Security Log files are automatically zipped, emailed and replaced with a new blank Security Log file when the log file reaches the maximum file size setting that you choose. By Default BulletProof Security sets this DB option to zip, email and replace the Security Log file when it reaches 500KB. The Security Log file is checked once per hour with a WordPress Cron. The optimum recommended file size setting is 500KB.

DB Backup Log File Automation - Automatically Zipped, Emailed and Replaced

DB Backup Log files are automatically zipped, emailed and replaced with a new blank DB Backup Log file when the log file reaches the maximum file size setting that you choose. By Default BulletProof Security sets this DB option to zip, email and replace the Security Log file when it reaches 500KB. The DB Backup Log file is checked once per hour with a WordPress Cron. The optimum recommended file size setting is 500KB.

BulletProof Security Fast and Simple with No Manual Configuration or FTP Required

The BulletProof Security WordPress plugin is a one-click security solution that creates, copies, renames, moves or writes to the provided BulletProof Security .htaccess master files. BulletProof Security protects both your Root website folder and wp-admin folder with .htaccess website security protection, as well as providing other additional website security protection. BulletProof Security allows you to add .htaccess website security protection from within the WordPress Dashboard so that you do not have to access your website via FTP or your Web Host Control Panel in order to add website security protection for your WordPress site.

Does BulletProof Security work with Git distributed version control system?

Yes, BulletProof Security works with Git, but does require some additional set up steps. Please see this thread for the setup steps Git distributed version control system setup steps

Help Info

Extensive Help Info can be found on the AIT-pro.com Forum website and by clicking the Read Me Help buttons on BulletProof Security pages themselves. The BPS Help and FAQ tab pages contain additional help links.

Share  
Download
Version .51.1

Requires WordPress version: 3.0 or higher

Compatible up to: 4.1

Last Updated 22 Oct 2014

Date Added: 29 Apr 2010

Plugin Homepage

Evaluation
star1
star2
star3
star4
star5

4.76 stars
597 ratings
1,329,769 downloads

Compatibility

Not Enough Data

Reports:
Works: 1
Broken: 0

Probably Works.
Considering downloads, would expect problems reported.